Luxembourg - Summer 2023

AWS Security Hero

I’ve apparently been selected for the first cohort of AWS Security Heroes. I was hoping for the title of Microsoft Security Villain, but I’ve got to admit I’m pretty honored.

Cloud is hard. Cloud is harder when you don’t have massive cloud security and governance teams. You go to the cloud with the AWS you have, not the AWS you want. Engineering compromises are made, and going back later to retrofit and change those engineering choices is expensive. I love having those conversations with teams: helping them understand what they should revisit, what’s working for them, and what they should keep.

Couple this with the fact that AWS is changing massively. I was having a conversation with an engineer about logging, and they pointed out to me that CloudWatch has new cross-account capabilities. Looking at the announcement date, I can tell why I missed it: I was out late partying at re:Invent and not reading every blog post.

Security is about trade-offs. Not every organization can afford a top-tier program. It’s imperative that we in security educate our builder community about actual risks rather than regurgitating CIS Benchmarks and sending officious little emails about every unencrypted EBS volume. I started breaches.cloud to document actual cloud security risks and to describe them in ways that builders understand.

This is probably a good time to talk about some of the things I’m working on:

  1. There is no definitive list of IAM actions that grant access to data in AWS. IAM Sensitive Actions intends to fix that and to centralize several community lists of credential-exposure and privilege-escalation actions.
  2. fwd:cloudsec 2024 - Venue hunting is underway.
  3. BSides Atlanta 2023 will be October 14th at Kennesaw State University. I’ve agreed to join their organizing committee.
  4. As I mentioned previously, we’ve got the Incident Response in AWS class open for registration. October 4th & 5th in Augusta, GA.
  5. I’ve been experimenting with honeypots and will be giving two presentations on the topic: “I’ve got the cloud, you’ve got the crooks, let’s make lots of honey(pots)” at BSides Augusta, and “Highway to the danger zone - Protecting yourself while exposing an AWS HoneyPot environment” at the SANS CloudSecNext Summit.
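As an added illustration of how a list like the one described in item 1 gets used (this is example code written for this post, not the IAM Sensitive Actions project’s own code or data), the script below takes a small, constructed sensitive-action list and checks an IAM policy document against it. It expands IAM’s `*` and `?` wildcards, handles `NotAction` statements, which grant everything except the listed patterns, and records which explicit `Deny` statements cover each hit, since a hit inside a blanket Deny is a very different finding from one that is live. The action names, categories and sample policy are all assumptions for the example; `Resource` and `Condition` scoping is deliberately ignored, so the Deny annotation is a hint for triage rather than a full policy evaluation.

```python
import fnmatch
import json

# Constructed sample of sensitive actions in the categories the post mentions.
# Illustrative only; this is not the IAM Sensitive Actions project's list.
SENSITIVE_ACTIONS = {
    "sts:AssumeRole": "credential-exposure",
    "iam:CreateAccessKey": "credential-exposure",
    "iam:PassRole": "privilege-escalation",
    "iam:AttachUserPolicy": "privilege-escalation",
    "s3:GetObject": "data-access",
    "secretsmanager:GetSecretValue": "data-access",
}


def _as_list(value):
    """IAM allows a single string where a list is expected; normalize."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _covers(action: str, stmt: dict) -> bool:
    """True if the statement's Action/NotAction pattern set covers `action`.

    IAM action matching is case-insensitive and supports '*' and '?', which
    fnmatch implements. A NotAction statement covers everything that does NOT
    match one of its patterns.
    """
    name = action.lower()
    if "NotAction" in stmt:
        return not any(fnmatch.fnmatchcase(name, p.lower())
                       for p in _as_list(stmt["NotAction"]))
    return any(fnmatch.fnmatchcase(name, p.lower())
               for p in _as_list(stmt.get("Action")))


def find_sensitive_grants(policy: dict) -> list:
    """Return one record per sensitive action granted by each Allow statement.

    Each record names the statement, the action, its category, the resources
    the statement lists, and any explicit Deny statements in the same policy
    whose pattern also covers the action. Resource/Condition scoping is not
    evaluated, so `denied_by` is a triage hint, not a verdict.
    """
    stmts = _as_list(policy.get("Statement"))
    sids = [s.get("Sid", f"statement[{i}]") for i, s in enumerate(stmts)]
    denies = [(sids[i], s) for i, s in enumerate(stmts) if s.get("Effect") == "Deny"]

    hits = []
    for i, stmt in enumerate(stmts):
        if stmt.get("Effect") != "Allow":
            continue
        for action, category in SENSITIVE_ACTIONS.items():
            if not _covers(action, stmt):
                continue
            hits.append({
                "statement": sids[i],
                "action": action,
                "category": category,
                "resource": _as_list(stmt.get("Resource")),
                "denied_by": [sid for sid, d in denies if _covers(action, d)],
            })
    return hits


# Constructed sample policy exercising wildcards, NotAction and an explicit Deny.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadBucket", "Effect": "Allow",
     "Action": ["s3:Get*", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "Deploy", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    {"Sid": "NoIam", "Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    {"Sid": "Broad", "Effect": "Allow", "NotAction": ["iam:*", "sts:*"], "Resource": "*"}
  ]
}
""")


if __name__ == "__main__":
    for hit in find_sensitive_grants(SAMPLE_POLICY):
        print(json.dumps(hit))
```

Run against the sample policy this reports `s3:GetObject` twice (once via the `s3:Get*` wildcard, once via the `NotAction` statement), `iam:PassRole` annotated as covered by the `NoIam` Deny, and `secretsmanager:GetSecretValue` from the `NotAction` statement, which is the kind of grant that is easy to miss when reading the policy by eye.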

I also want to thank the AWS Community Builders program for having me this past year. Jason Dunn and his crew have been fantastic to work with, and I highly recommend folks check that program out.